Skip to main content
Version: Next


Most requests of the Public REST API need to include an authorization token as an Authorization request header.

Given a valid token mySecret, the header would need to be set as follows:

Authorization: Bearer mySecret

The token used to access the Optimize API can be a configurable shared secret (except in Camunda Platform 8 SaaS mode) or a JWT compliant with the OAuth2 Protocol (all modes).

Refer to Public API Configuration for the particular configuration to access the public API using a token.

How to obtain the access token for C8 SaaS (Cloud) usage

You must obtain a token to use the Optimize API. When you create an Optimize client, you get all the information needed to connect to Optimize.

See our guide on building your own client.

The following settings are needed:

NameDescriptionDefault value
client idName of your registered client-
client secretPassword for your registered client-
audiencePermission name; if not given use default
authorization server urlToken issuer server-

Send a token issue POST request to the authorization server with the following content:

"client_id": "<client-id>",
"client_secret": "<client-secret>",
"audience": "<audience>",
"grant_type": "client_credentials"

See the following example with curl:

curl -X POST --header 'content-type: application/json' --data '{"client_id": "<client-id>", "client_secret":"<client-secret>","audience":"<audience>","grant_type":"client_credentials"}' https://<authorization server url>

If the authorization is successful, the authorization server sends back the access token, when it expires, scope, and type:

"access_token": "ey...",
"scope": "...",
"expires_in": 86400,
"token_type": "Bearer"